New IT system design guidelines have been written by the TM Forum’s Open Digital Architecture (ODA) project in order to help service providers manage their security and privacy risks. Dave Milham, Chief Architect of the TM Forum, wrote that:
They cover a full enterprise lifecycle vision for security and governance, and offer a detailed set of methods for enterprise risk assessment which are suitable for DevSecOps automation.
The IG1186 ODA Governance and Security Vision guidance takes and applies best practice from other organizations, including the TOGAF Standard from the Open Group. The purpose is to show how to deliver security and privacy by design through a well-defined ODA lifecycle methodology.
The IG1187 ODA Enterprise Risk Assessment guidance offers introductory advice on how to gauge the risk appetite, risk tolerance, and asset exposure of an enterprise. It may be used by either service providers or vendors as part of the way they design and implement effective governance and security processes.
These documents are the product of a workshop which was hosted by Oracle and supported by Vodafone and Huawei. They may be downloaded by members of the TM Forum.